14 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenVPN vulnerabilities (USN-8286-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8286-1 advisory. Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed...
USN-8286-1 openvpn vulnerabilities
Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed packets with valid tls-crypt-v2 keys. An attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. CVE-2026-35058 Guannan Wang, Zhanpe...
Updated openvpn packages fix security vulnerabilities
CVE-2026-35058 - fix server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances...
MGASA-2026-0126 Updated openvpn packages fix security vulnerabilities
CVE-2026-35058 - fix server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances...
PT-2026-36645
Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.6.0 through 2.6.19 OpenVPN versions 2.7 alpha1 through 2.7.1 Description A race condition occurs during the TLS handshake, specifically during TLS session promotion. This issue can be triggered by remote attackers, potential...
PT-2026-36643
Name of the Vulnerable Software and Affected Versions OpenVPN affected versions not specified Description An issue exists in the tls crypt v2 extract client key function where an uncontrolled assertion is reachable. A remote attacker can trigger a denial of service by sending a suitably malformed...
Linux Distros Unpatched Vulnerability : CVE-2021-32686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN,...
SUSE CVE-2024-36024
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable idle reallow as part of command/gpint execution Why Workaroud for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and...
AZL-67985 CVE-2024-36024 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable idle reallow as part of command/gpint execution Why Workaroud for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and...
AZL-62809 CVE-2024-36024 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable idle reallow as part of command/gpint execution Why Workaroud for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and...
PT-2024-26851
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a race condition in the Linux kernel where DMCUB is committing to IPS1 during the handshake, causing a transition into IPS2 to be missed and resulting in a HW han...
DEBIAN-CVE-2023-49786
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when...
ALPINE-CVE-2023-49786
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when...
PT-2023-7749 · Sangoma +2 · Asterisk +2
Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 18.20.1 Asterisk versions prior to 20.5.1 Asterisk versions prior to 21.0.1 Certified Asterisk versions prior to 18.9-cert6 Description: The issue is caused by a race condition in the hello handshake phase of the DT...